
Cryptography and Network Security
Chapter 1 Introduction

CSS Chapter 1

04/15/15

Background
Information security requirements have changed in recent times
Traditionally provided by physical and administrative mechanisms
Computer use requires automated tools to protect files and other stored information
Use of networks and communications links requires measures to protect data during transmission


Definitions
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks


Aim of Course
Our focus is on internet security
Which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information


Security Trends


OSI Security Architecture


ITU-T X.800 Security Architecture for OSI
Defines a systematic way of defining and providing security requirements
For us it provides a useful, if abstract, overview of concepts we will study


Aspects of Security
Consider 3 aspects of information security:
Security attack
Security mechanism
Security service


Security Attack
Any action that compromises the security of information owned by an organization
Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
Often threat & attack used to mean same thing
Have a wide range of attacks
Can focus on generic types of attacks
Passive
Active

Passive Attacks


Active Attacks


Security Service
Enhance security of data processing systems and information transfers of an organization
Intended to counter security attacks
Using one or more security mechanisms
Often replicates functions normally associated with physical documents
Which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed


Security Services
X.800: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
RFC 2828: a processing or communication service provided by a system to give a specific kind of protection to system resources


Security Services (X.800)


Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication


Security Mechanism
Feature designed to detect, prevent, or recover from a security attack
No single mechanism that will support all services required
However one particular element underlies many of the security mechanisms in use:
Cryptographic techniques
Hence our focus on this topic


Security Mechanisms (X.800)


Specific security mechanisms:
Encipherment, Digital Signatures, Access Controls, Data Integrity, Authentication Exchange, Traffic Padding, Routing Control, Notarization
Pervasive security mechanisms:
Trusted Functionality, Security Labels, Event Detection, Security Audit Trails, Security Recovery


Model for Network Security


Model for Network Security


Using this model requires us to:
1. Design a suitable algorithm for the security transformation
2. Generate the secret information (keys) used by the algorithm
3. Develop methods to distribute and share the secret information
4. Specify a protocol enabling the principals to use the transformation and secret information for a security service
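
The four tasks above, as an added example that is not part of the original slides: HMAC-SHA-256 stands in for the security transformation and provides the X.800 data integrity service between two principals. The function and class names, the 8-byte sequence number used to reject repeated packets, and the out-of-band key sharing are assumptions of this example.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA-256 tag
SEQ_LEN = 8                             # assumed header: 64-bit sequence number


def generate_key() -> bytes:
    """Task 2: generate the secret information (a 256-bit random key)."""
    return secrets.token_bytes(32)


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Task 1: the security transformation applied by the sender.

    Packet layout (assumed for this example): seq || message || tag.
    """
    body = seq.to_bytes(SEQ_LEN, "big") + message
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Task 4: the receiving principal's side of the protocol."""

    def __init__(self, key: bytes):
        # Task 3 (key distribution) is assumed to have happened out of band.
        self.key = key
        self.next_seq = 0

    def accept(self, packet: bytes) -> bytes:
        if len(packet) < SEQ_LEN + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; verify the tag before trusting any field.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        seq = int.from_bytes(body[:SEQ_LEN], "big")
        if seq != self.next_seq:
            raise ValueError("unexpected sequence number")
        self.next_seq += 1
        return body[SEQ_LEN:]
```

HMAC gives integrity and origin assurance only; the message still travels in the clear, so confidentiality would need encipherment in addition.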


Model for Network Access Security


Model for Network Access Security

Using this model requires us to:
1. Select appropriate gatekeeper functions to identify users
2. Implement security controls to ensure only authorised users access designated information or resources
Trusted computer systems may be useful to help implement this model


Summary
Have considered:
Definitions for:
Computer, network, internet security
X.800 standard
Security attacks, services, mechanisms
Models for network (access) security
